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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 GFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 30 September 2010 . 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1,2 and 4-23 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) K| Claim(s) 1,2 and 4-23 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) ^ The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)DAII b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 
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DETAILED ACTION 

Acknowledgements 

1. This action is responsive to Applicants' amendments received 30 September 2010. 

2. This action has been assigned paper number 20101214 for reference purposes only. 

3. Claims 1, 2, and 4-23 are pending. 

4. Claims 1, 2, and 4-23 have been examined. 



Specification 

5. The specification is objected to as failing to provide proper antecedent basis for the 
claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of the 
following is required: 



a. 


"a first module" in at least claim 15; 


b. 


"a second module" in at least claim 15; 


c. 


"a third module" in at least claim 15; 


d. 


"a fourth module" in at least claim 15; 


e. 


"a fifth module" in at least claim 15; an 


f. 


"a sixth module" in at least claim 15. 



Claim Rejections - 35 USC § 101 

6. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 
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7. Claims 15-17 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. 

8. Claim 15 recites a "terminal" which comprises only "modules." A "terminal" is 
understood by the Examiner to be an apparatus. As discussed at length below, under the 
broadest reasonable interpretation, a "module" can be software and data. Because a "terminal" is 
understood to be an apparatus, it must be defined by its structure. See MPEP § 21 14. Software 
and data do not contain patentable structure when disembodied. Because the modules in claim 
15 are not recited as being embodied on a non-transitory computer readable medium, the 
corresponding software and data do not impart structure to the "terminal." Because there is no 
structure imparted to the "terminal" by the "modules," the "terminal" is a structureless apparatus. 
Because the "terminal" is an apparatus without structure, the "terminal" is not statutory subject 
matter as defined by 35 U.S.C. § 101. 

9. Claims 16 and 17 also contain elements (server and terminal) comprising only 
"modules." Claims 16 and 17 are also understood to be apparatus claims. For the reasons set 
forth in the preceding paragraph, claims 16 and 17 are also not statutory subject matter. 

10. If Applicants amend claims 15-17 so the "modules" are expressly recited as being 
embodied on a non-transitory computer readable medium, these rejections under 35 U.S.C. § 101 
would be overcome. This amendment would also overcome the rejections to these claims under 
35 U.S.C. § 1 12 2 nd paragraph presented below. 



Claim Rejections - 35 USC § 112 

1 1 . The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 
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The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards us his invention. 

12. Claims 15-17, 21, and 23 are rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

13. Claim 15 recites "[a] terminal. . .comprises: a first module. . .a second module. . .a third 
module. . .a fourth module. . .a fifth module. . .and a sixth module." Applicants have not been 
their own lexicographer and have not set forth a definition for the term "module." Because 
Applicants have not set forth a definition for the term "module," the term "module" must be 
interpreted under the broadest reasonable interpretation. Under the broadest reasonable 
interpretation, the term "module" can refer to computer software and data. See definition of 
"module" below. Software and data do not contain patentable structure when not expressly 
embodied on a non-transitory computer readable medium. Because the terminal of claim 15 
comprises only modules, because the term "module" can be interpreted as software and data 
under the broadest reasonable interpretation and because disembodied software and data do not 
contain patentable structure, the terminal, as recited by claim 15 contains no patentable structure. 
Because the terminal of claim 15 contains no patentable structure, one of ordinary skill in the art 
would not be able to determine the metes and bounds of claim 15. 

14. Claims 16 and 17, similar to claim 15, recite only elements which comprise modules. For 
the same reasons set forth in the preceding paragraph, these modules, and thus the claims, do not 
contain patentable structure. Because claims 16 and 17 do not contain patentable structure, one 
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of ordinary skill in the art would not be able to determine the metes and bounds of claims 16 and 



15. Claim 21 recites "the secret.. .is easily identified by the user." This limitation is indefinite 
because one of ordinary skill in the art would not be able to ascertain the metes and bounds of 
the limitation. In particular, the term "easily" is a term of degree, for which one of ordinary skill 
in the art would have no basis to determine the scope. Additionally, the term "easily" is 
subjective because what is easy for one user may not be easy for another user. Because the term 
"easily" is subjective and because the scope cannot be determined for the term "easily" claim 21 
is indefinite for failing to set forth the metes and bounds of the invention. 

16. Claim 23 contains a limitation similar to that of claim 21 as discussed in the preceding 
paragraph. Therefore, claim 23 is also rejected under a similar rationale. 

17. The Examiner finds that because particular claims are rejected as being indefinite under 
35 U.S.C. §112 2nd paragraph, it is impossible to properly construe claim scope at this time. 
However, in accordance with MPEP §2173.06 and the USPTO's policy of trying to advance 
prosecution by providing art rejections even though these claim are indefinite, the claims are 
construed and the art is applied as much as practically possible. 



18. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 



17. 



Claim Rejections - 35 USC § 103 
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having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

19. Claims 1-19, as understood by the Examiner, are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Lai On (US 2002/0059531) in view of Schneier (Applied Cryptography) 
and Kitada (US 2003/0037163). 

20. As to claims 1, 8, 13-18, 21, and 23, Lai On shows: 

g. A method for authorizing a transaction by a user using a terminal (Figure 2, 201) 
which is capable of communicating with a background system ("Authentication Site," 
Figure 2, 206) , with steps performed by the terminal comprising: 

h. determining non-confidential identification information ("Identification 
Information" which includes a user ID, Figure 3, 301 & [0020]) which identifies the user 
("The login information includes an identification of the user." Abstract), 

i. sending user identification data from which the identity of the user can be derived 
("The login information includes an identification of the user." Abstract), wherein the 
user identification data corresponds, or has been derived from, the non-confidential 
identification information determined by the terminal ("The First Vendor transmits the 
Identification Information to an Authentication Site" which includes the user ID, Figure 
3, 302 & [0020]), 

j. receiving (sent to First Vendor, Figure 3, 303) data ("Second Site's Site Key," 
Figure 3, 303) assigned to the user from the background system (Authentication Site 
generates and transmits the keys, Figure 3, 303), wherein the data pertains to a secret that 
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is known to the user (the key is sent to the user in reference to the submission of the login 

information, Figure 3), 

k. presenting the data given by the received data to the user (Figure 3, 305), thus 
signaling to the user than the terminal can be trusted 

1. determining a personal feature of the user ("The first or second vendor can require 
that additional identification be entered before the transaction, such as a PIN number or a 
biometric," [0025]), and 

m. sending feature data (biometric information, [0020]) to the background system, 
wherein the feature data is related to the personal feature of the user, and wherein the 
feature data signals or documents the authorization of the transaction by the user (the 
biometric information is part of the identification information, and is therefore also 
transferred to the Authentication Site. [0020] & Figure 3, 301). 

21 . Lai On does not expressly disclose that the keys are "secret data," the communication 
processes between the terminal and the background system are protected from attacks at least in 
part by at least one of time stamps, sequence numbers, random numbers and an encryption with a 
session key, and "sending terminal data to the background system, the terminal data serving to 
authenticate the terminal at the background system." 

22. However, Schneier discloses that symmetric keys, used for communications must remain 
secret (Page 4, Paragraph 2). Therefore, it would have been obvious to one of ordinary skill in 
the art at the time of the invention to have modified the teachings of Lai On to use the keys to 
encrypt the communications and make the keys secret because the keys need to be secret in order 
for the communications to be secret (Id.). 
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23. The Lai On/Schneier combination does not show: 

n. "sending terminal data to the background system, the terminal data serving to 
authenticate the terminal at the background system." 

24. However, Kitada shows a terminal 10 that sends authentication information to an 
authentication server 52 (S3 and S4, Figure 6) according to IEEE 802. lx [0204] -[0206]. 
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to have further modified the teachings of Lai On to add the terminal authentication 
according to IEEE 802. lx as described in Kitada because IEEE 802. lx allows for the 
identification of a terminal based on its MAC address (Kitada [0205]), a hexadecimal ID which 
is often hardwired into the modem or Ethernet card. 

25. As to claim 2, Lai On further shows: 

o. the terminal data is secured with at least one of a MAC ("User Session Key," 
Figure 3, 305) and a cryptographic signature for authentication at the background system. 

26. As to claim 4, Lai On further shows: 

p. the secret that is presented to the user is at least one of a text information (a key is 
a string of characters), acoustic information, visual information, and tactile information. 



27. 



As to claim 5, Lai On further shows: 

q. transaction data is also displayed to the user [0021]. 
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28. As to claim 6, Lai On further shows: 

r. the personal feature is a biometric feature of the user [0025]. 

29. As to claim 7, Lai On further shows: 

s. receiving acknowledgement data from the background system and at least one of 
displaying and printing out an acknowledgement for the user (in order for the key to be 
sent to the user through the second site it has to be displayed or printed, Figure 3, 308). 

30. As to claim 9, Lai On further shows: 

t. the secret data pertains to a secret which changes from one transaction to the next 
(for each of the countless potential second sites, there would be a different "Second Site's 
Site Key" [0024]). 

31. As to claim 10, Lai On further shows: 

u. the secret data pertains to a secret which depends at least in part on transactions 
performed previously (the Second Site's Site Key was acquired during the previous 
transaction with the First Vendor, Figure 3). 



32. 



As to claim 1 1, Lai On further shows: 

v. the feature data is checked, and the transaction is considered as authorized by the 
user only if this check is successful (Biometrics are referred to as a security measure, 
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therefore, unless the data is verified, access would not be allowed [0025]). 

33. As to claim 12, Lai On further shows: 

acknowledgement data is sent to the terminal if the check is successful (The Authentication Site 
returns the Second Site's Site Key as a confirmation that the data matched. Figure 3, 308). 

34. Claims 20 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lai On, 
Schneier, and Kitada as applied to claims 1 and 8 above, and further in view of Noguchi (US 
7,215,775). 

35. As to claims 20 and 22, the Lai On/Schneier/Kitada combination teaches as discussed 
above in regards to claims 1 and 8, but does not expressly show: 

w. The secret that is presented to the user is at least one of a displayed image, an 
acoustic output, and tactile information. 

36. However, Noguchi shows that a key may be transformed into an image representation (C 
9, LL 65-67). Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention to have further modified the teachings of Lai On to represent the key from 
the Authentication Site as an image, because representation as an image would facilitate the 
comprehension (Noguchi, C 9, LL 65-67). 
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Claim Interpretation 



37. The Examiner hereby adopts the following interpretations under the broadest reasonable 
interpretation standard. In accordance with In re Morris, 127 F.3d 1048, 1056, 44 USPQ2d 
1023, 1029 (Fed. Cir. 1997), the Examiner points to these other sources to support his 
interpretation of the claims. 1 Additionally, these interpretations are only a guide to claim 
terminology since claim terms must be interpreted in context of the surrounding claim language. 
Finally, the following list is not intended to be exhaustive in any way: 

x. Confidential: "private, secret confidential information>" Webster's Ninth 

New Collegiate Dictionary , Merriam- Webster Inc., Springfield MA, 1986. 

y. Module: " 1 . In programming, a collection of routines and data structures that 

performs a particular task or implements a particular abstract data type." Computer 

Dictionary . 3 rd Edition, Microsoft Press, Redmond, WA, 1997. 

z. Pertain: "to have reference" Webster's Ninth New Collegiate Dictionary , 

Merriam- Webster Inc., Springfield MA, 1986. 

aa. Private: "not known or intended to be known publicly" Webster's Ninth New 
Collegiate Dictionary , Merriam- Webster Inc., Springfield MA, 1986. 
bb. Secret: "kept from knowledge or view" Webster's Ninth New Collegiate 
Dictionary , Merriam- Webster Inc., Springfield MA, 1986. 



1 While most definition(s) are cited because these terms are found in the claims, the Examiner 
may have provided additional definition(s) to help interpret words, phrases, or concepts found in 
the definitions themselves or in the prior art. 
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Response to Arguments 

38. Applicant's arguments filed 30 September 2010 have been fully considered but they are 
not persuasive. 

39. Applicants argue : 

40. "Lai On does not teach that its identification information is non-confidential, as claimed. 
To the contrary, Paragraph [0020] of Lai On discloses that the identification information can 
include (1) a user ID and a user password, or (2) a user biometric. In both cases, the 
identification information includes confidential elements, namely the password or the user 
biometric" (Remarks, Page 12, Paragraph 3). 

41. Examiner's response : 

42. The Examiner agrees that the user password and the user biometric are confidential. 
However, the user ID is not. Applicants use the word "comprising" when setting forth the 
limitations of these claims. The word "comprising" means that the elements listed must be 
present, but the claim is not limited to inventions containing only those elements. Therefore, the 
fact that Lai On includes additional elements to those needed to anticipate the claims, such as the 
confidential data, does not preclude it from being used to reject the claims. 



43. The Examiner has considered Applicants' other arguments, but considers them to be moot 
in view of the new grounds of rejection. 
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Conclusion 



44. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

45. A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

CFR 1. 136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

46. Applicants are respectfully reminded that any suggestions or examples of claim language 
provided by the Examiner are just that — suggestions or examples — and do not constitute a 
formal requirement mandated by the Examiner. To be especially clear, any suggestion or 
example provided in this Office Action (or in any future office action) does not constitute a 
formal requirement mandated by the Examiner. 

cc. Should Applicants decide to amend the claims, Applicants are also reminded 
that — like always — no new matter is allowed. The Examiner therefore leaves it up to 
Applicants to choose the precise claim language of the amendment in order to ensure that 
the amended language complies with 35 U.S.C. § 1 12 1 st paragraph. 
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dd. Independent of the requirements under 35 U.S. C. § 1 12 1 st paragraph, Applicants 
are also respectfully reminded that when amending a particular claim, all claim terms 
must have clear support or antecedent basis in the specification. See 37 C.F.R. § 
1.75(d)(1) and MPEP § 608.01(o). Should Applicants amend the claims such that the 
claim language no longer has clear support or antecedent basis in the specification, an 
objection to the specification may result. Therefore, in these rare situations where the 
amended claim language does not have clear support or antecedent basis in the 
specification and to prevent a subsequent 'Objection to the Specification' in the next 
office action, Applicants are encouraged to either (1) re-evaluate the amendment and 
change the claim language so the claims do have clear support or antecedent basis or, (2) 
amend the specification to ensure that the claim language does have clear support or 
antecedent basis. See again MPEP § 608.0 l(o) (f3). Should Applicants choose to amend 
the specification, Applicants are reminded that — like always — no new matter in the 
specification is allowed. See 35 U.S.C. § 132(a). If Applicants have any questions on this 
matter, Applicants are encouraged to contact the Examiner via the telephone number 
listed below. 

47. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JOSHUA MURDOUGH whose telephone number is (571)270- 
3270. The Examiner can normally be reached on Monday - Friday, 8:00 a.m. - 5:00 p.m. 

48. If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, Andrew Fischer can be reached on (571) 272-6779. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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49. Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Joshua Murdough/ 
Examiner, Art Unit 3621 

/EVENS J. AUGUSTIN/ 
Primary Examiner, Art Unit 3621 



